Hardcoded DH Params?

2006-05-26 Thread Sreeram Kandallu
Hi All, I'm building a p2p secure communication system where each user is identified by an RSA key. In such a system, is it OK to use hardcoded DH params compiled into the application, or must I generate separate DH params for every user? Thanks in advance! Regards Sreeram

Re: Security Question

2006-05-26 Thread Marek Marcola
Hello, Is it possible to decrypt a recorded SSL session, if the attacker gains access to the RSA private keys at a later point in time? If key_exchange was done with RSA and server RSA private key was compromised ... without problem. Best regards, -- Marek Marcola [EMAIL PROTECTED]

Patrick Hsu/DTIS/SFGOV is out of the office.

2006-05-26 Thread Patrick Hsu
I will be out of the office starting 05/26/2006 and will not return until 05/30/2006. I will respond to your message when I return. __ OpenSSL Project http://www.openssl.org User Support Mailing

Memory leak with multiple threads running with a single SSL server serving incoming requests...

2006-05-26 Thread Lei Cao
Hi all, I am currently working on an HTTPS-like server. The application is multithreaded using OpenSSL 0.9.7i. There is the server which accepts incoming SSL connections and then spawns a request-handler thread to deal with each individual request based on BIO on top of SSL. Each handler thread will

Re: Memory leak with multiple threads running with a single SSL server serving incoming requests...

2006-05-26 Thread Marek Marcola
Hello, when it ends: /*cleanup the BIO chain*/ BIO_flush(_io); _io->references = 0; BIO_free(_io); _io = NULL; _my_struct->bio->references = 0; BIO_free_all(_my_struct->bio); _my_struct->bio = NULL; _my_struct->ssl->references =

Re: Hardcoded DH Params?

2006-05-26 Thread Michael Sierchio
Sreeram Kandallu wrote: Hi All, I'm building a p2p secure communication system where each user is identified by an RSA key. In such a system, is it OK to use hardcoded DH params compiled into the application, or must I generate separate DH params for every user? Hard-coded DH parameters

Re: Hardcoded DH Params?

2006-05-26 Thread Sreeram Kandallu
Michael Sierchio wrote: Hard-coded DH parameters (generator and prime) are fine. I assume you'll be negotiating ephemeral keys via some mechanism? I'm already using SSL for establishing the secure channel. I'm just adding DH support for forward secrecy. So OpenSSL should handle creation of the

RE: Memory leak with multiple threads running with a single SSL server serving incoming requests...

2006-05-26 Thread Lei Cao
Thanks Marek. I've checked the FAQ page of the mem leak part. Please correct me if I am wrong, WRT the guidelines, I assume For each of the worker-thread: by adding ERR_remove_state(0) before the pthread_exit() will free up the error string mem allocations. For the

RE: Memory leak with multiple threads running with a single SSL server serving incoming requests...

2006-05-26 Thread Marek Marcola
Hello, For each of the worker-thread: by adding ERR_remove_state(0) before the pthread_exit() will free up the error string mem allocations. This will free error queue from this thread - should be used. For the Server thread: after each SSL

RE: Memory leak with multiple threads running with a single SSL server serving incoming requests...

2006-05-26 Thread Marek Marcola
Hello, what version of OpenSSL do you use? I do not remember exactly but in one version there was a memory leak after general release. (I do not remember the version). Best regards, -- Marek Marcola [EMAIL PROTECTED]

RE: Memory leak with multiple threads running with a single SSL server serving incoming requests...

2006-05-26 Thread Lei Cao
Thanks for pointing that out for me about ERR_remove_state(0); But I still have memory leaks after a large amount of connections (simulated by my own crazy test program which connects to the server recursively with different messages). I am using OpenSSL 0.9.7i. Regards! Lei -Original

RE: Memory leak with multiple threads running with a single SSL server serving incoming requests...

2006-05-26 Thread Chong Peng
Lei: have you enabled session cache? If you enabled session cache and you have a lot of SSL connections that come and go, you may encounter a mem leak problem. The mem is not actually leaked, but held by the session cache. The mem will be released eventually after a certain amount of time (in the

RE: Memory leak with multiple threads running with a single SSL server serving incoming requests...

2006-05-26 Thread David Schwartz
But I still have memory leaks after a large amount of connections (simulated by my own crazy test program which connects to the server recursively with different messages) How did you establish that the memory was leaked? DS

RE: Memory leak with multiple threads running with a single SSL server serving incoming requests...

2006-05-26 Thread Lei Cao
Thanks Chong! I set my static CTX structure of the SSL SERVER to disable SESSION CACHE already. But still, after many children threads coming in and going away, it will pile up memory usage to a higher percentage -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

RE: Memory leak with multiple threads running with a single SSL server serving incoming requests...

2006-05-26 Thread Lei Cao
Hi David, The way I handle incoming SSL connections is as follows: SSL SERVER (static CTX structure) | LISTENING: TCP listen | TCP accept (select()) |

RE: Memory leak with multiple threads running with a single SSL server serving incoming requests...

2006-05-26 Thread Marek Marcola
Hello, ENGINE_cleanup(); CONF_modules_unload(); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); This should be removed from your code. Best regards, -- Marek

RE: Memory leak with multiple threads running with a single SSL server serving incoming requests...

2006-05-26 Thread David Schwartz
After accepting many incoming SSL connections, hence many threads creation and deletion, the memory usage of the program will increase up to a higher percentage after some time. That doesn't mean that the memory is leaked. Before I applied those cleanup functions, mem usage will pile